question on new filecontext type and documentation issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
thank you for the nice solution you provided with Selinux.

I have two issues:

1)
I use Centos 5.2 which clones Redhat Enterprise Linux. I use the targeted policy.
Postfix and dovecot shares the certicates. I solved the problem in a way that I copied the certificates and set the corresponding context. I don't like this approach. Alternatively I can use the normal audit2allow approach to allow postfix access to dovecot or vice versa but I would like not to give them this right. The best solution is to create a new context which can be accessed by both domains. With the new module approach, how do I start to write a new context type? It is probably simple but I don't find the way to start by reading the documentation on the net. 

2)
I am actually a Java developer running my own Linux server, so I am far away from being a Linux expert. 
My feeling is that the documentation is really hard to follow.
It was hard to find out how to interpret the audit.log. The only location to explain the different attributes seams to be
http://seedit.sourceforge.net/doc/access_vectors/ <javascript:void(0);/*1221395834258*/>
But still some documented log entries would be fine, e.g. what does a socket connect require, what does a search for the config file in /etc require, ...
I found the tip to use sealert -a on the http://wiki.centos.org/HowTos/SELinux <javascript:void(0);/*1221395813896*/>
I found the statement do 'cat audit.log | audit2allow ...' but don't trust the result somewhere. But well, if I shouldn't trust, I would appreciate to analyse as well.
Your wiki does note http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf <javascript:void(0);/*1221395820244*/> which is a good resource after having understood the basics 

The next page told me about sesearch, which is a very important tool IMHO.
http://www.durchmesser.ch/wiki/SELinux <javascript:void(0);/*1221395840703*/>
I still have no idea how to find information on the different macros which where noted somewhere.
From my beginner point of view, I noted my steps and resources on my blog at http://www.laliluna.de/blog/
To summarize, I would appreciate a somehow more centralized complete documentation, much more oriented to practical use cases. 

Best Regards

Sebastian


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux